Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch107
-rw-r--r--net-misc/openssh/openssh-7.9_p1.ebuild1
2 files changed, 108 insertions, 0 deletions
diff --git a/net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch b/net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch
new file mode 100644
index 000000000000..524d05ad89d5
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch
@@ -0,0 +1,107 @@
+--- openssh-7.9p1.orig/cipher-ctr-mt.c 2018-10-24 20:48:00.909255466 -0000
++++ openssh-7.9p1/cipher-ctr-mt.c 2018-10-24 20:48:17.378155144 -0000
+@@ -46,7 +46,7 @@
+
+ /*-------------------- TUNABLES --------------------*/
+ /* maximum number of threads and queues */
+-#define MAX_THREADS 32
++#define MAX_THREADS 32
+ #define MAX_NUMKQ (MAX_THREADS * 2)
+
+ /* Number of pregen threads to use */
+@@ -435,7 +435,7 @@
+ destp.u += AES_BLOCK_SIZE;
+ srcp.u += AES_BLOCK_SIZE;
+ len -= AES_BLOCK_SIZE;
+- ssh_ctr_inc(ctx->iv, AES_BLOCK_SIZE);
++ ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE);
+
+ /* Increment read index, switch queues on rollover */
+ if ((ridx = (ridx + 1) % KQLEN) == 0) {
+@@ -481,8 +481,6 @@
+ /* get the number of cores in the system */
+ /* if it's not linux it currently defaults to 2 */
+ /* divide by 2 to get threads for each direction (MODE_IN||MODE_OUT) */
+- /* NB: assigning a float to an int discards the remainder which is */
+- /* acceptable (and wanted) in this case */
+ #ifdef __linux__
+ cipher_threads = sysconf(_SC_NPROCESSORS_ONLN) / 2;
+ #endif /*__linux__*/
+@@ -505,11 +503,12 @@
+ if (cipher_threads < 2)
+ cipher_threads = 2;
+
+- /* assure that we aren't trying to create more threads than we have in the struct */
+- /* cipher_threads is half the total of allowable threads hence the odd looking math here */
++ /* assure that we aren't trying to create more threads */
++ /* than we have in the struct. cipher_threads is half the */
++ /* total of allowable threads hence the odd looking math here */
+ if (cipher_threads * 2 > MAX_THREADS)
+ cipher_threads = MAX_THREADS / 2;
+-
++
+ /* set the number of keystream queues */
+ numkq = cipher_threads * 2;
+
+@@ -551,16 +550,16 @@
+ }
+
+ if (iv != NULL) {
+- memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
++ memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
+ c->state |= HAVE_IV;
+ }
+
+ if (c->state == (HAVE_KEY | HAVE_IV)) {
+ /* Clear queues */
+- memcpy(c->q[0].ctr, ctx->iv, AES_BLOCK_SIZE);
++ memcpy(c->q[0].ctr, c->aes_counter, AES_BLOCK_SIZE);
+ c->q[0].qstate = KQINIT;
+ for (i = 1; i < numkq; i++) {
+- memcpy(c->q[i].ctr, ctx->iv, AES_BLOCK_SIZE);
++ memcpy(c->q[i].ctr, c->aes_counter, AES_BLOCK_SIZE);
+ ssh_ctr_add(c->q[i].ctr, i * KQLEN, AES_BLOCK_SIZE);
+ c->q[i].qstate = KQEMPTY;
+ }
+@@ -644,8 +643,22 @@
+ const EVP_CIPHER *
+ evp_aes_ctr_mt(void)
+ {
++# if OPENSSL_VERSION_NUMBER >= 0x10100000UL
++ static EVP_CIPHER *aes_ctr;
++ aes_ctr = EVP_CIPHER_meth_new(NID_undef, 16/*block*/, 16/*key*/);
++ EVP_CIPHER_meth_set_iv_length(aes_ctr, AES_BLOCK_SIZE);
++ EVP_CIPHER_meth_set_init(aes_ctr, ssh_aes_ctr_init);
++ EVP_CIPHER_meth_set_cleanup(aes_ctr, ssh_aes_ctr_cleanup);
++ EVP_CIPHER_meth_set_do_cipher(aes_ctr, ssh_aes_ctr);
++# ifndef SSH_OLD_EVP
++ EVP_CIPHER_meth_set_flags(aes_ctr, EVP_CIPH_CBC_MODE
++ | EVP_CIPH_VARIABLE_LENGTH
++ | EVP_CIPH_ALWAYS_CALL_INIT
++ | EVP_CIPH_CUSTOM_IV);
++# endif /*SSH_OLD_EVP*/
++ return (aes_ctr);
++# else /*earlier version of openssl*/
+ static EVP_CIPHER aes_ctr;
+-
+ memset(&aes_ctr, 0, sizeof(EVP_CIPHER));
+ aes_ctr.nid = NID_undef;
+ aes_ctr.block_size = AES_BLOCK_SIZE;
+@@ -654,11 +667,12 @@
+ aes_ctr.init = ssh_aes_ctr_init;
+ aes_ctr.cleanup = ssh_aes_ctr_cleanup;
+ aes_ctr.do_cipher = ssh_aes_ctr;
+-#ifndef SSH_OLD_EVP
+- aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
+- EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
+-#endif
+- return &aes_ctr;
++# ifndef SSH_OLD_EVP
++ aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
++ EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
++# endif /*SSH_OLD_EVP*/
++ return &aes_ctr;
++# endif /*OPENSSH_VERSION_NUMBER*/
+ }
+
+ #endif /* defined(WITH_OPENSSL) */
diff --git a/net-misc/openssh/openssh-7.9_p1.ebuild b/net-misc/openssh/openssh-7.9_p1.ebuild
index c38afd6020ca..83ff7a4d299d 100644
--- a/net-misc/openssh/openssh-7.9_p1.ebuild
+++ b/net-misc/openssh/openssh-7.9_p1.ebuild
@@ -169,6 +169,7 @@ src_prepare() {
popd
eapply "${hpn_patchdir}"
+ eapply "${FILESDIR}/openssh-7.9_p1-hpn-openssl-1.1.patch"
einfo "Patching Makefile.in for HPN patch set ..."
sed -i \